Images Are New Playground For Malicious Code, Costing Advertisers Millions

A growing trend of embedding malicious code within the images of ads could wreak havoc on the advertising industry and cost brands millions this year.

The practice, known as steganography, makes images the new frontier for malicious ads. It conceals a file, message, image, or video within another file, message, image, or video, according to GeoEdge.

The research suggests that not every publisher's security provider monitors and analyzes images for malicious code. This creates an opportunity to exploit the potential vulnerability in the embedded images in ads running on publisher sites and in-app.

GeoEdge, which provides ad security and verification software, noticed an increase in incidents earlier this year through the company’s technology, but the number of incidents has grown exponentially during the fourth quarter of 2018.

In one example involving an Experian ad, GeoEdge identified a second image that is invisible to those viewing the ad on a desktop or mobile device. The ad, hidden inside the ad request, calls up the embedded malicious code. In this instance, the malicious code was an auto-redirect to a phishing site targeting U.S. users.

Last year, auto-redirect malvertising attacks cost the advertising industry about $1.13 billion in lost revenue. GeoEdge expects that number to rise between 20% and 30% in 2019, based on the number of attacks identified this year.

“It’s hard to put an exact dollar figure on it, but the amount could break into the millions of dollars in 2019,” said Amnon Siev, CEO, GeoEdge.

Malvertising and steganography have existed as challenges for years, but the latter recently gained momentum as advertisers began using more images and video in campaigns.

And as the industry increases the number of campaigns for the holidays, the number of incidents will rise. For instance, DoubleVerify this year identified a new bot network specifically targeting Connected TV devices.

The botnet was uncovered after DoubleVerify noticed a 40% spike in traffic from CTV devices, marking the first direct, scaled botnet attack the company identified.